>>Alright, let's get started. So I am Anthony Rose. Nice to meet everyone. So this is actually my first talk at DEF CON. [Applause] It's also my first time at DEF CON, so this is really exciting. So if you made it here, I am giving a talk on Bluetooth Low Energy; if you are not interested, this is your last chance to leave, otherwise you are stuck here. So my talk is Picking Bluetooth Locks from a Mile Away, or Smart Locks Made by Dumb People. So what I found is a lot of manufacturers decided to put user convenience over security. So my job was to take advantage of that. So I want to steal your passwords and get into your house. So let's get started. So I'm Anthony Rose. I am part of a hacking group that we call Merculite. You might have seen a couple of other talks around here, like some instion stuff that's happening later today, refrigerators, smart refrigerators, and then another Bluetooth talk. I am the lock picking hobbyist, by no stretch of the imagination an expert, but definitely a hobbyist. My background is actually electrical engineering. You will notice that when you look at my code, because I don't code very well. When you think, why the hell did he code it this way? Yeah, it's because I'm not good at coding. I'm sorry. Hahaha. My background actually, I did research at Arizona State. Go Sun Devils. Is anyone here a Sun Devil? He doesn't count because he is my brother. [Laughter] My background is wireless video compression, so I did some wireless stuff prior.
But really, mainly my focus is now Bluetooth security, Bluetooth Low Energy security specifically. Ben was the other person who was supposed to be here; he couldn't make it. He had his appendix removed, so it was probably not safe for him to travel. His background is a PhD in computer science, and he has done some previous work. You could actually look at some of his stuff at ShmooCon and DerbyCon, and he has a PoC||GTFO coming out, so keep an eye open for that. Quick overview of what we are going to talk about: some goals that we set out when we actually wanted to look at Bluetooth; what is Bluetooth Low Energy, because not everyone might actually know what it is; why should you even care what I'm talking about; some exploits that we found; then some takeaways for consumers and vendors; then some future work that we actually wanted to work on; and then finally open up the floor for some questions, hopefully you don't throw anything at me. So let's get started. So our goals: really we wanted to find vulnerabilities in Bluetooth locks. And once we started to find vulnerabilities we figured, hey, we might want to contact vendors and let them know their locks aren't safe. And it turns out that vendors actually don't care. We contacted twelve vendors and only one of them actually responded. And their response was, yeah, we think it's a problem, but we aren't going to fix it.
So we figured next we might want to release this stuff to the public so that at least consumers know what the issues are, so that they can make the decision whether they should buy this lock or maybe try and stay away from it. I am also a big movie buff, so if you can name all those, good on you. But if you trust Newman for your security, you are making a really bad choice. [Laughter] Yeah, and also if you can actually recognize my t-shirt, because I am a huge movie buff, then I am impressed. So, awesome. Oh yeah, sorry. Maybe you should check it out afterwards then. So what is Bluetooth Low Energy? Originally it was designed to be a really low power protocol, and it's designed to really send the minimal amount of data. So you're looking at very small amounts of data, mostly like state updates or like passwords, am I open or closed for a door, things like that. It still operates in the same spectrum as Bluetooth Classic. It's still the 2.4 GHz spectrum that everything uses. And really the big thing for it is really short range, because the power consumption is very, very minimal. You are talking about like cell battery size. So you are looking at really short range, about 100 meters in most cases. Actually when you talk about these locks, 20 to 30 meters is really where they cap out. And what we wanted to do is take advantage of this.
So should you use a USB dongle with an antenna hookup, and you actually get one of those which has a decent amount of power on it, you can actually start communicating with these devices at like a quarter, half mile distance. So that's actually what we did, which was pretty cool. I should have changed slides there. One of the commands we will be sending is going to this host controller interface. And actually what we send on Linux gets interpreted to this GATT, the Generic Attribute Profile, and this is actually sitting both on your lock and your phone, or whatever user device you are using. This is actually how they communicate. There's things called attributes on the server, and we actually send read and write requests as the user to the server, to actually learn information or send information. So that's how I send my password to a lock and that's how the lock responds with, now I'm open. So all those attributes are actually sitting on this GATT server. And now you are probably thinking, why should I even care what this guy is even talking about? Well, turns out these things are really popular. The recent estimates for how many of these devices are being built a year is like 3 billion a year, so there's tons and tons of Bluetooth Low Energy devices. I mean, if you look at your phone it probably has Bluetooth Low Energy in it, so they're everywhere. And they are being used for security purposes.
So they are being used to secure your homes and your valuables. And there's a wide range of these devices. There's deadbolts, bike sharing programs use these locks, lockers, gun cases, ATM locks, yes, ATM locks. ATM locks where they actually lock up the money with a Bluetooth Low Energy lock, surprisingly. And then Airbnb, does everyone know what Airbnb is? Anybody? Okay. So surprisingly you can actually rent houses with this program and they use smart locks; you actually get the code from them and then you actually open up the lock and go in there. I had a friend who travelled Europe recently who saw a bunch of the locks we are going to talk about, and he was like, really, look at this, could you break into them, could you get me a free house? And I said, probably not. So there's a wide range of companies that actually build these products, a lot of big companies and a lot of startups. And what we found is that a lot of the smaller companies just didn't have the funding to actually build security in, at least robust security. And that's something we focused on. But still, even the big companies still had some holes in a lot of the things they developed. So to actually hack Bluetooth, what you need is a sniffer. I'm sure everyone is familiar with the Ubertooth. Pretty affordable option at $100; obviously there's some cheaper options, but this is actually what I prefer. You need something to be able to send commands after you sniff them, so you need a USB dongle of some sort.
You can get a regular USB dongle for $15. I really like the UD100 [inaudible]; it's got an antenna hookup, so you can hook up a really high gain antenna on it. And then you can really have fun at really long distances. Raspberry Pi is great because it actually runs all the stuff mobile, and when you actually use that kind of platform, you can just set it up and leave it. Don't need to worry about somebody stealing it. A laptop obviously somebody might walk away with; with a Raspberry Pi you're only out $40 bucks, so it's not really a big deal. The high gain antenna that I use is a 15 dB yagi, if you are an electrical engineer like me. That's actually all my stuff right there. My wife gets really upset because it takes a lot of space, and she gets pretty pissed, so. The Ubertooth One, you're all familiar, created by Michael Ossmann a couple of years back. You can look up a lot of information on it. But really the important part of it, it was really the first Bluetooth sniffing tool that was really out. Prior to this a lot of the other options were really, really expensive, like $10,000. So this made it really affordable for the average user like us. This does all passive sniffing, and it really only has a receive capability; you can modify the firmware to do other things. But really for Low Energy it's really only receiving commands. Which is good, because the user has no idea this is happening. You can use that with like a USB dongle, you can actually go wardriving with it.
So I like to drive around my neighborhood and pick out all the things my neighbors have, or I set up my antenna out my window, and then my neighbors knock on my door and they wonder what the hell I am doing. So you know you can drive around, you can pick up passwords from afar, or actually pick out networks from people. Then you set up a high gain antenna in the back of your Jeep like I do, park it at McDonald's, and then I sniff your password from your house, from maybe a half mile. And then guess what, I could get into your house if I wanted to. And it's really concealable, I mean no one's gonna be looking into the back of my truck, at least I hope not. And it's great. So one of the cool things we actually thought of: war flying. So take like a quadcopter, hook up a Raspberry Pi to it, fly it around, use the onboard GPS to actually plot where devices are, and actually find where they are and you can actually go back later. I haven't really had the time to build it, but you know, it's a cool project. Maybe someone could build it and I could play around with it. So I did a recent trip around my neighborhood. I drove around for like an hour, I found a lot of really cool things. Smart TVs, smart pressure cookers, toasters, Fitbits, God knows what people have. But I actually found 4 locks that people actually had within about 40 minutes. Which is pretty cool because all 4 of those locks I actually know, and actually two of them I actually have exploits for.
So I probably should have told them, but yeah, whatever. So before I go through all the locks I broke, I want to point out 4 of them I couldn't actually break; I've had some ideas of how to actually break them, I just haven't had a chance to do it yet. But let's go through the ones I could still break. The first one is the August lock. There's some exploits that I think I could use, but haven't had a chance to use. But about a year ago a couple of individuals posted on their blog about a hard coded password actually built into their application. So this password isn't used for much except settings, but still, the practice of having a hard coded password in your applications is really not a good thing. The next one is actually really surprising. So the Kwikset lock actually, they had a really interesting design decision. They built fantastic Bluetooth security on it, it's really hard to break. However their lock, at least the older versions, you can actually use a screwdriver to open the lock. So it takes about 10 seconds to actually break the lock open. I really wanted to try it, but I had one of the newer models, and I really didn't feel like breaking a $300 lock, because I really don't have that much money. So I didn't break my lock, but there's YouTube videos all over the place. Go check them out, they're pretty cool. But yeah, that's a great design decision on their part, right? So what do they all have in common?
They all use AES encryption, they use some sort of nonce value, a random number. Then they actually send that value and get it encrypted and then send it back. That's normally how a lot of these locks work. All of the ones that sort of break had 2 factor authentication, at least they aren't using hard coded passwords anymore, at least I hope not. And then they use a really long password space, 16 to 20 characters in most cases. Some of the ones I actually found use 6 to 8 characters, surprisingly; I don't know why you would ever choose that, but that makes brute forcing very easy. And I actually put out some tools for you guys to actually be able to brute force things. There's a wide range of vulnerable devices, so before you get overwhelmed by this slide, I broke them into categories, to be able to see the categories, and each category is a lock. The firmware number, in case they updated, that way at least you know which version you can exploit. And then a symbol for whether it's a padlock or a door lock. So we are going to go over plaintext passwords, replay attacks, actually fuzzing a device to get it into an error state, one where we actually decompile an app and actually get something out of it that's interesting, and then finally device spoofing, pretty much your man in the middle attacks: pretend to be a lock and get the user to send me a password so that way I can unlock their device. To be able to do this, you need to be able to sniff first, so we use the Ubertooth.
So the way Bluetooth Low Energy actually works, you have 3 advertisement channels. If I want to steal your password on the first try, I need to be able to sit on each of those advertisement channels. So I need to have 3 Uberteeth in this case, one set up on each advertisement channel, so I know I can actually get the information. Obviously I'm sniffing wireless so there's no guarantee I'm gonna get it, but at least I'm increasing my chances. Once I have all of that information I can compile it all into one file, I can filter out all the duplicate stuff, and then I can actually filter for your password. Now that I have your password, I need to be able to send it somewhere. So what we do is we use Scapy; it actually has some sockets built into it, which is pretty cool. I can bind right to the Bluetooth socket and actually send commands to the dongle that actually go to devices. So that's actually what we use, and I built some commands we regularly use into Python so that we are actually able to use them. So I can connect, do read/write commands, and I can do spoofing, actually change my address and my device name, all through these sockets. Which is great. So now that I have all of that in place, I can actually start attacking locks and that's what we are gonna do now. So I wanted to say this was the first lock I actually broke, but turns out it's not.
I found out this morning actually from my dad, apparently like 15 years ago, you know the remote that actually blocks like TV channels on cable boxes? So I guess I actually guessed his password 15 years ago and I started watching inappropriate things, [Laughter] so turns out that's actually the first lock I broke. So I broke into his remote and decided to watch late night HBO, so this is the second lock I ever broke. [Laughter] So this is the Quicklock, and they had a really interesting design decision. So what they actually do with this lock is they send your password in plaintext. Not only do they send your password in plaintext, they send it twice, so they double it up. Then they throw an opcode at the beginning. So I thought to myself, why would they do this? Turns out they do this because you can actually change the password by using the same command with the same handle. So that's actually what we're gonna do. So right now this lock is broken. So let's cross this off; I can get into this lock. But I want to do more than just break into this lock. I want to be able to take advantage of the fact that I can actually change that admin password. So I'm going to change the admin password now. So how do I do that? So I take that opcode and change it to 01, and then I set the password to be all sixes. So you're thinking, oh cool, you know, the admin's now locked out, the user is locked out, they can't use the device.
Turns out the user can't reset the device without removing the battery, so you have to remove the battery from the device to reset it. So guess what, the battery is actually behind a panel that can't be removed unless the lock is already open. [Laughter] So really they're completely locked out of their device, and since I'm doing this outside the application, the application doesn't actually know what to do. So it actually pleads with you, hey, please help me, I don't know what to do, put in the right password. So I locked the user out in both the application and physically from their device. So that's pretty cool. Really actually a really interesting story: I found this device pretty recently and I'll tell you a story about it. So I went to a car dealership recently and I actually had to get an oil change for my car, and they told me, hey, it's going to be like 2 hours, go have a seat. And I'm like, you told me 30 minutes on the phone, what the fuck. So I figure, hey, you know what, it's not that big of a deal, and they are just like, go have a seat. So at this point I'm pretty pissed because they keep telling me to go sit down and shut up, so I walk away and I'm thinking to myself: you know what, fuck you, I'm going to start hacking your shit.
[Laughter] I start scanning all the stuff they have available and I'm seeing cars pop up, people's iPhones, Fitbits, a couple of Tiles, if you know anything about Tiles, so I started actually to search and sniff stuff because I wanted things to go off just to piss them off. So I started doing that and then this lock popped up and I got really excited, because this is actually that Quicklock that we just talked about. So 30 minutes go by, I'm waiting, I'm waiting. It's about the time I would be home already at this point, and then I get the guy's password. So I'm really excited at this point. So let me show you his password. Here it is, actually let me zoom it in. [Laughter] Yeah, he set his password to be 69s. Remember I'm in a car dealership, so the guy looks like this. So think about a user: he sets his password, he thinks no one is gonna guess it, but little does he know I'm gonna sniff it in plaintext and actually, you know, I can see it. So yeah, he is a bit of a pervert, I'm sorry. [Laughs] No, I didn't break into his lock, but at least I have his password, so that's kind of cool. Since we are dealing with plaintext passwords, we can brute force them. You know, with me I feel that when all else fails, brute force it. But a lot of things that these manufacturers do is they limit the password space, so what I found is that a lot of them use minimal password spaces. So 8 digits in some cases, or 6 characters exactly.
So those password spaces are really easy to brute force as they are really small. Still, it could take a while, so you can use word lists, obviously. You can use 1s, 1 through 8, 69, phone numbers, street addresses, or a wordlist with exactly 6 character words and use that to brute force. All of that is on GitHub, you guys can check it out at the end. If you break into things, send me a message. It will be pretty cool. So here's a little demo of the Quicklock. Pretty simple little lock actually. You know, you have to click the button on it actually to connect to it. I started sniffing it with Ubertooth. I actually get a pcap file that I'll then put into a script that actually parses all of the information and pulls out the password for me, then sends it to the lock. And I'm not really a nice guy, so I decided that I should also add in where after I unlock the lock, I also change your password. So you are also locked out when I break into your house. So that's pretty cool. Originally I wanted to do a wireless demo, but everybody here has Bluetooth. It is fucking crazy. If you do a quick scan, there are 1000-something devices. And there is no way in hell that I will actually be able to sniff here, so I opted to do videos here, so everybody knows. Next, actually some companies opted to actually do encryption. And you think, oh great, they use encryption; their websites advertise crazy things. They advertise we are using 256-bit AES encryption, the military uses it so it's gotta be great.
So turns out they don't actually use encryption the way that it should be used. So turns out that I just sniff it, and then send it back to the device, and it opens. Which kind of sucks for them; it's great for me, but really sucks for these companies. Even better than that, all four of these locks actually have more in common than just replay attacks. Actually, if I set my password to be password, for example, and I set it on one of these devices, it actually encrypts it exactly the same way on all four of them. And then they actually use the same method of actually opening up as the other ones. So turns out a lot of these locks are sold on Amazon, Newegg, a couple of other websites, and they go up 2 or 3 at a time and they pull them off. So they end up using the same code as the backend for all of them, and they just keep repackaging them as something else. So it makes it really easy if you actually just sniff it and replay it to open them. Oh, and by the way, they are all made by Chinese manufacturers. I'm not bashing anything, but yeah, they all have stickers on them written in Chinese. And the manuals are actually written by somebody who cannot speak English. It's absolutely awful to figure out how to set these up. So these are broken, pretty cool. Now next, actually after this one, is actually a completely different thing. We were looking for companies that actually use encryption, but maybe developed their own sort of encryption.
So we wanted to see, hey, can we actually fuzz it? If we fuzz a device can we get it in an error state, and what happens when it's in that error state? And that's actually where we found this lock, Okidokeys. If you are familiar with it, it's made of all plastic. I don't know why you would use a plastic lock for your house, cool. Hahaha. We actually went to their website, and we started looking at how they claim their security. So actually the interesting part to us was, hey, we developed something that was similar to AES encryption, and we are like, oh cool, and they combine it with a patented cryptographic solution. So if you know anything about crypto, proprietary crypto is not a good idea. Usually it means it's not tried and tested, and there are usually things you can take advantage of. This is exactly what we did. So we figured, hey, let's take a look at this lock, what can we find out about it? So we started sniffing a bunch of things on it, we started sniffing a bunch of packets, and we started noticing the keys really weren't that unique. You started seeing patterns in them. So you figure, oh cool, you know, maybe I will be able to fuzz it. So we came up with this intricate fuzzing script; you know, we were going to do one byte at a time, it was going to come up with combinations, it could take days or weeks or months. Boy were we wrong. Turns out it takes about 3 seconds. [Laughter]
Because if I take the 3rd byte and I change it to 0, the lock enters an error state. Not only does it enter an error state, it opens. [Laughter] [Clapping] Hahahaha. Oh, it gets better. [Laughter] It actually sends up an error message in the application saying the keys are out of sync. So I started to think to myself, why would this happen? Why would the keys be out of sync? Remember that patented crypto we talked about earlier? Yeah, it might be some sort of XOR, because they actually used a previous key to generate future keys; they are out of sync. So yeah, that wasn't really a good idea. So a very funny story about them: we contacted them to let them know they had some problems with their lock, and then they turned off their website. [Laughter] So I am not claiming any responsibility for anything, but yeah, they turned off their website after we told them there is an issue. You can still buy their stuff, they are still selling it on Amazon, so you can go check it out. But it may not be supported much longer. And then there's actually a video of it, pretty cool. You use the application to actually unlock it, you swipe it and it unlocks. I sniff the password that's current, and I will take that, I will actually run it through my script, where it actually takes out the password, turns that 3rd byte to zero and then unlocks... at some point... and there it goes. Hahahahaha [Clapping]
And then this is where the user comes back and they want to lock their door, they want to unlock it or whatever they want to do, and guess what, it doesn't work. That kinda sucks. So... uhh, so kinda a different thing to talk about. The thing about Android applications is you can actually pull off those applications in APK format. You can actually decompile them, actually into readable code. Umm, so I actually like to use this Bytecode Viewer, it allows you to view it in a bunch of different ways and actually view what they coded as if it's readable. That's what I did for this lock, the Danalock, I actually broke this lock down into readable code, to actually see what they put in there. Turns out they had this hardcoded password in there. [Laughter]. Umm, yeah, you think this password is cool, guess what. They don't just put this password in there, this is on every device. They actually store your password also, so my password in this case is "password". So they actually XOR that with this super secret password they have, and then store it in this table. So actually every user's password is stored in this table, and actually I know the method they use to store these passwords. Uhh, I haven't had a chance to actually break this lock, I'm pretty sure that's what this is used for, but I am not 100 percent sure. I want to go back and actually do it, but I haven't had a chance. So it's kinda, kinda pwned since I haven't really broken into it yet, but I kinda have all the tools to do that.
A big thing a lot of companies are moving towards is like a web server backend. That way you can't pull the password from the actual applications. So what they do is store it on a web server, and you ping that server with some sort of value, they encrypt it and send it back. This is great because a lot of the companies are using it, it's a lot more secure. However, if you fake the device, you can actually trick the user to send you the password. So we actually take the device, we impersonate it, and we trick the user into giving us a password. To do that it doesn't take a lot of equipment: a Raspberry Pi, maybe a laptop. You need something to run BlueZ, that Bluetooth stack. You need something to actually build the GATT server on your device. So Bleno is a great program, um, I saw some of the other talks talk about Bleno, with the man in the middle attacks. Then you actually need something to pull services off devices. And I like LightBlue Explorer, a great program that you can run on your phone. The reason that I like it is, now when you walk around with a phone no one looks at you funny, but when you walk around with a laptop everybody gives you a really, really nasty look. It's great to use on your phone 'cause no one looks at you twice. And this is very mobile, if you set it up on a Raspberry Pi, you can really set it up anywhere. And it's somewhat undetectable. And I say that if these applications are running in the background, the user has no idea they are connecting to you and giving you a password.
The web servers might know. So that's kinda where it's somewhat. However, most of these web servers don't give a shit. You can ping them a 1000 times and they will give you a 1000 passwords. And you can build a whole table of passwords from this. And guess what, these servers don't care, 'cause they actually think you are the right person. So I keep getting passwords and I can do whatever I want with them. And we found actually one of the devices we are going to talk about in a second: BitLock. If you are familiar with this lock, it's actually a padlock they use for bike sharing. They are pretty widely used, they are in like 20 different countries. Uhh, all over the United States as well. And that's what we will actually be looking at, because they actually use a nonce value that they send, and we actually found a way to predict what the next nonce value is gonna be. And I will show you that here. So this is actually how we break into the lock. We connect to the BitLock first, we actually scan for all of those attributes, all the primary services, the characteristics, and we build a copy of the server in Bleno. And there's all the attributes right there. So I connect to the lock, uhh, I set, I actually get a nonce value, and I send an invalid password. Doesn't matter what I send 'cause I just want to know what it's gonna do next. Next it actually increments it by 1, and the reason why it does that, that's actually the method it uses to actually generate a random value. That random nonce is actually only incrementing.
And that's it. That's all they do. So I actually have every value from this point on, because they are just going to increment it every other time. So I am done with them, I have everything I need. I just need a user. So I wait for them to park their bike, they lock it up, they go somewhere. Then I set up my device to connect to it. I actually send them that value, that n + 2 value that I was talking about. They send it to their web server, they encrypt it, send it to me. And now I have their password. Pretty easy process. And that's all because of that nonce. Now I go back to that BitLock. And here's the best part of all of it, this value I'm talking about, it doesn't matter what I set it to. So I can get n + 10, I can get n + 100, I can get n + 1000, I can build an entire table of passwords. Because they are only incrementing that value and I know how to force the BitLock to increment. So now I go back to the BitLock, whatever value I'm at, I force it to increment, so I connect to it. It sends me this random value I would never guess, I send the encrypted version to it and guess what, it opens. [Laughter] [Clapping]. So now I have their bike, I'm riding around on it. Hahaha. So this is pretty deployable, pretty easy to use because, you want to look... really your targets for this really are high traffic areas. So you want to look for like coffee shops. Because hipsters like bikes. [Laughing]. So if you find a coffee shop, there is probably someone using one of these locks nearby.
Or you can look for universities, because some of the universities want their students to use bikes, and guess what, we found one that uses this. Ummm, I'm not gonna tell you what university, but when you open up the application there is a very cool feature built into it. So you can actually look at any bike share program that's out there, without actually being subscribed to their bike sharing program. So I travelled to this university and I could actually find where all of their bikes are actually located. I just have to go to one of those locations. So I go to one of those locations and look, there is a bike, and then I get out my phone and I start scanning, because guess what, I have my phone out and nobody thinks twice. I curse a couple of times, I kick the bike and everyone just thinks I'm stupid and can't open the lock. But I have all the information I need right now, so I go sit at a park bench nearby and I start entering all the information I collected with LightBlue. So I take that information and actually put it into Bleno, so I actually have the device name now and I have the nonce value. And then I start advertising. And I wait for a user to come by and connect to me and I'll get their password. Well, there happens to be one problem: if you know anything about college students, they don't like to hang around during the summer, and that's when I decided to actually go there. So there was nobody around. So yeah, that was a little upsetting.
But I do plan on going back during the fall, when I actually know there's people around to test this again. At least so I can get passwords. I'm not gonna steal any bikes, I promise I won't. Uhhh, but if you guys do, it has no bearing on me. So whatever you want to do. Uhh, cool thing you can actually do, actually to take advantage of things, you can actually do like a relay attack with this. And the reason why we thought of this is because we contacted BitLock originally. And we told them, hey, you might want to change your value that you're sending out, because guess what, it's just incrementing and I can predict that. So they came back and said, hey, we will fix it. That was 3 months ago and it's still not fixed, but maybe they will get to it eventually. But a lot of the other locks that we can't break into actually use a similar process. So we figure, hey, let's take advantage of this, and see if we can do an attack like this on other locks that we couldn't break. So that's where this attack actually came in. So what I do is I stand near the lock, with a device. And the lock sends me a nonce value, I take that value and I send it to another device that's sitting near the user. I use cellular, wifi or something to send that information. This device is like taped underneath their car, whatever high tech method you want to use. But as long as it's near them it doesn't really matter, because I'm going to send that value to them and they are going to get it encrypted for me and send it back to me.
All because this app is running in the background, and this is really the big problem. Because these apps are constantly running for user convenience. And since they're focusing on convenience and not security, I'm gonna take advantage of that. So they send that password back to me while I'm standing at the lock and I open it. And this is all done in realtime, really quickly. And this is actually what we want to develop next, this is kinda our next project we want to work on. To be able to do this. And you are probably thinking, how do I find these rogue devices? Well, actually, sadly, uhmmm, if you saw the Blue Hydra talk, they actually did something similar to us. So this is another kinda one of those programs. But it's Bluefinder, it's just a program we built, allows you to track devices. So what we did, we actually tested a range of devices and actually, um, found out what their signal strength was at a meter, and then we actually built a model behind that to actually track devices. And we actually have a pretty good error rate on that, 24%, so within 3 meters I can find where your device is, and uhh, here's actually a graph of it. If you take that UD100 device, hook up a high gain antenna to it, I can actually track your device up to about 700 meters, or almost a half mile. So I can follow you pretty well with a pretty good idea which direction it is, because these antennas are directional. So I can be like, oh yeah, he's actually that way, about 600 meters away.
So let me actually give you a demo of this, this is actually me tracking a target, I'm sitting in my home, just relaxing, tracking a target. Umm [laughter]. [Clapping]. So my very high tech method was taking a Fitbit and duct taping it to my child. [laughter]. Yeah, my wife wasn't very thrilled about this one. You think that table was bad, this was worse. So yeah, you can track targets very far with that kind of equipment, that's really the point. Ummm, and really overall the thing we really wanted to make clear was that vendors overall just did not prioritize the right thing. They were prioritizing physical security over wireless security. Umm, obviously there are exceptions, Kwikset decided that a screwdriver could be a second key, umm, probably not the best design decision, but overall, um, we evaluated a lot of devices. And we found that 12 out of 16 of them were broken. Umm, and that's a very high number. I went into this thinking, hey, maybe I'll find one or two devices that are broken. No, I found 12. So overall they're pretty, pretty bad. And umm, I really wanted vendors to know that there's a problem so that we can actually fix it. And then finally we wanted to put out a recommendation to users, what we wanted to tell you guys: hey, turn off your Bluetooth when it's not in use, uhh, especially here at DEF CON. Please turn off your Bluetooth. Uhh, because people are walking around and I'm like, Gary's iPhone. Hi Gary, I'm gonna connect to your stuff now. Ummm, so turn it off when it's not in use.
Because that's why that relay attack works, it's because you're constantly advertising and looking for these devices, and that's how I take advantage of it. Umm, so some of the big future work we want to work on. I found a really surprising thing with history logs. So people are, a lot of these lock companies build history logs into their devices, which is great. But they didn't hide it behind a password. So I can actually connect to your device and see everything about your lock. And it even gets better, they are actually storing usernames and passwords. So let's think of a hypothetical situation where we have users: Mom, Dad, Jimmy and Sally. And we have timestamps associated with when they come home and when they leave. So now I know when Mom and Dad are home, I know when Jimmy and Sally are home, I know when they are not home. So when I'm a bad person I can take advantage of this. And really we want to put some pressure onto vendors so that way they would fix this problem. Next, uhhh, using rogue devices, do a dynamic profile. I want to advertise 20 different advertisement packets, so I can connect, so I can advertise 20 different devices, so that way when somebody connects to me, I serve my GATT server to match whatever they are looking for. So that way I can steal your password. Next, there's a lot more commands out on those GATT servers we want to implement into Python. Umm, more than just the connect, read and write.
And then finally, I'm most excited for this, we bought one of those Bluetooth ATM locks and we are actually going to tear it apart and see if we can break into it. If these things, these locks are any indication already, it should be pretty easy. But I'm hoping it's better than we think it is. That's really it. I wanted to, uhh, open up the floor for some questions, so if you have any questions come up to the microphone and hopefully I can answer them. Thank you. [Clapping] [Clapping] Yup?
>>Question: Hello. First, thanks for looking into this hell of a lot of devices. Really interesting. I did some similar research and I want to add on your two unbreakable first ones, because I looked into 3 devices and broke 3 of them. And 2 of them being the Noke and the Master Lock. So, uhh, I'm not disclosing too much right now, because Noke actually responded to my request and they are fixing it. But just so much: they have AES, but they are doing it wrong, so I broke their AES crypto. And the Master Lock has a physical bypass. So I will talk about that if I release it to them. And the third one was shimmable, oh my God. But thanks for your work, and possibly exchange contacts later.
>>Ahhh, yeah, that's awesome. Umm, come grab me afterwards, I would love to talk to you, because there's always so many devices out there that I haven't had a chance to break and always cool ways to do it, so thank you.
>>Question: You talked earlier about an Insteon talk that would be happening later, what are the details on that?
>>Yeah, that's actually in the Wireless Village, my friend Kallub is actually going to be giving that up in the Wireless Village at 12:20 I think. Somewhere around there?
>>12:20 at the Wireless Village, because, uhh, about Insteon door locks or?
>>It's about Insteon devices overall, so it's mostly focusing on, I think, the lights, the camera and the hub. So go check it out, it will be really cool.
>>Thank you. Great talk by the way.
>>Thank you.
>>Question: These locks that you were taking apart, you said they were emphasizing physical security. Did you notice any tamper detection in the firmware at all?
>>I did not notice any, but I wasn't actually specifically looking for it. Umm, but I mean all the locks that I used, at least 50... um, wirelessly, the ones I sent commands to, really a lot of them didn't care what I was sending because they thought I was the device. So...
>>So what I'm talking about is actually something where, where there's something in the firmware or a switch, determines a case was opened or something that was being tampered with.
>>I haven't looked for that, that's actually a very fascinating thing I could look into, so I will have to check that out.
>>Check, please do.
>>Thank you.
>>Question: Yeah, thanks, great talk. Question, ummm, so do you think the time dependent in the rolling code, like what we use in the payment system, will solve some of the security issues you mentioned?
>>Um, you talk about a rolling code?
>>Yeah, time dependent, only code you see like in a payment system.
>>Yeah, I think that helps the situation, but if I do a relay attack over long distance it wouldn't matter, because I'm pretty much convincing the user to send me a password and then I relay it over to the lock in realtime. So really what they need to do is, obviously geolocation can help with it, not allowing these apps to run continuously is a big deal. So there's a lot, there's a combination of things they actually need to implement to actually prevent these things from being vulnerable. So, uhh, so that's a big part of it though. Gotcha.
>>Yeah, thanks.
>>Thank you.
>>Question: Hi, um, regarding the uncrackable locks you showed at the beginning. Why were you not able to break the Kwikset Kevo or the August lock electronically?
>>So part of it's time. So I started finding vulnerabilities in other locks and dedicated more time to those ones, and some of them I just haven't come up with creative ways to do it yet. I know other people have done things and I am very fascinated by learning what they are, but yeah, currently at least the methods I was using, they weren't able to break them yet. I think the relay method at least should be able to break some of those locks, but I just need to test it out at this point.
>>Awesome, awesome talk.
>>Thanks.
>>Question: Yeah, great talk, thanks.
That was actually my question as well, but as a follow up: have you looked at realtors, the tool they are using now to, uhhh... so I just recently purchased a house, the realtor goes up and the little door lock they put, that's all Bluetooth now.
>>Uhh, that's awesome.
>>Yeah, so they put in a code and it spits out actually the physical key to the house. So you might want to...
>>I'm going to have to buy one of those, that's, that, that's awesome.
>>Yeah, thanks, great talk.
>>Thank you.
>>Question: Great talk. I wanted to ask you if you have looked into also medical devices? After all, if someone wants to break into your house, he can do it the old fashioned way, but with a body it's more difficult.
>>So originally I wanted to focus on medical devices, specifically pacemakers and insulin pumps. Uhhh, so I am a student currently, and all my fellow students looked at me like I was crazy. And they are like, you are going to kill somebody, and I was like, that's not the point. I want to test devices and look for issues, but really what it comes down to is getting hold of these devices is really difficult. But I want to do that, I actually want to look into these devices, but finding them, short of buying them off a dead body, I'm not really gonna get one. Hahaha.
>>Thanks. Great.
>>Thanks.
>>Question: So one of the things that allows these attacks to work is that you are able to sniff this plain text traffic off of the radio waves, I guess.
Ummm, does BLE offer any option for encrypted communication other than implementing it yourself?
>>Umm, so they actually have link layer encryption in 4.1, ummm, but if you have ever, if you have looked into Mike Ryan's work, he actually breaks that. Um, they actually have a, it's very vulnerable. So they actually developed a new protocol, 4.2, that actually implements link layer encryption that actually works better, but what we found is that most devices don't use it. It's not very common. So, umm, obviously if they could use the link layer encryption in the protocol, on top of an app layer encryption, that would be more ideal. That might deter some people. So hopefully that's what we see in the future.
>>Cool, thank you.
>>Thanks. Ummm, I think I'm out of time, so thank you guys, thank you very much. [Clapping]